Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Webproxy accepting revoked certificates
« previous
next »
Print
Pages: [
1
]
Author
Topic: Webproxy accepting revoked certificates (Read 1049 times)
netranger
Newbie
Posts: 39
Karma: 5
Webproxy accepting revoked certificates
«
on:
May 27, 2017, 01:15:06 pm »
Hi guys,
I was playing around with HTTPS interception and noticed that the webproxy seems to accept revoked certificates (see screenshot revoked_interception.PNG).
If I disable HTTPS interception and try the testpage again, my browser blocks this page (see screenshot revoked_nointerception.PNG).
Is there something I can do to block those certificates using the webproxy? Other certificates, for example expired ones, get blocked correctly.
Cheers,
Netranger
Logged
fabian
Hero Member
Posts: 2384
Karma: 167
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: Webproxy accepting revoked certificates
«
Reply #1 on:
May 27, 2017, 01:44:45 pm »
This post says this is an OpenSSL problem (hard to bring openssl to do the check):
http://lists.squid-cache.org/pipermail/squid-users/2015-October/005894.html
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.1 Legacy Series
»
Webproxy accepting revoked certificates
